Updating ms office 2016 to 2016

20-Nov-2019 09:11

For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3177451.

If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.

An attacker would have no way to force users to visit the website.

Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.

To exploit the vulnerability, an attacker could create a specially crafted One Note file and convince a victim to open it.

For an attack to be successful, the attacker must know the specific location of One Note objects in memory.

However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.

An attacker would have no way to force users to visit the website.

Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.

To exploit the vulnerability, an attacker could create a specially crafted One Note file and convince a victim to open it.

For an attack to be successful, the attacker must know the specific location of One Note objects in memory.

Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-3316.